000025673 - Error: '[Date/Time]  Unable to connect to session server: Connection refused' in KCA/KRA admin-error.log

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000025673
Applies ToKeon Certificate Authority 4.5.1
Keon Registration Authority 4.5.1
Sentry CA 4.5.1
Sentry RA 4.5.1
Sun Solaris 2.6
IssueError: "[Date/Time]  Unable to connect to session server: Connection refused" in KCA/KRA admin-error.log
Error: "[Date/Time]  Unable to connect to session server: Connection refused" shows up when the Sentry CA/Sentry RA administrator attempts to access the Sentry CA/Sentry RA) Administrative interface
CauseThis error message should not be a cause of concern, nor does it have any significant effect on the Sentry CA/Sentry RA operations. In addition to "httpsd" (the Sentry CA/Sentry RA Web server), Sentry CA/Sentry RA runs a process called "sessiond" - a session server that handles SSL session caching. The above error is logged if "httpsd" cannot connect to "sessiond" for some reason (e.g. if "sessiond" was not started or it was killed).
ResolutionTo avoid the above error message, ensure "sessiond" is started and keeps running. If it is a requirement that "sessiond" not run, the directives 'SSLSessionServer' and 'SSLSessionServerDir' in the httpd.conf file (in Sentry CA/Sentry RA's <install-dir>/WebServer/conf/ directory) should be commented out. This will disable SSL session caching for the Sentry CA/Sentry RA Administration Web server, and the above error messages will not appear.

If "sessiond" is not running, or if the SSL session directives are disabled in the httpd.conf file, there is no adverse effect except that the administrative operations via the Sentry CA/Sentry RA Administrative interface might have a slight performance degradation.
Legacy Article IDa14526